Geolocation Forensics

This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

You can now attend the webcast using your mobile device!

Overview

Join us for the next installment of the SANS-APAC webcast series where we will provide a technical look at Geolocation Forensics.

A wide range of artifacts exist that can be used to put a laptop or mobile device in a particular place at a particular time. Geolocation artifacts are permeating operating systems, applications and file formats, giving forensic analysts new resources. As an example, the new HTML 5 standard has geolocation baked in, leading to an explosion of new geo-aware web applications. Including these artifacts in your investigations adds a new dimension of information -- providing critical data on who, what, when AND where.

Speaker Bio

Chad Tilbury

Chad has nearly 20 years of experience working with government agencies, defense contractors, and Fortune 500 companies. And his case list looks like it's been pulled straight from those spy novels he grew up reading: murder, abduction, espionage, fraud, hacking, intellectual property theft, child exploitation, terrorism, and computer intrusions. He has served as a Special Agent with the Air Force Office of Special Investigations, where he investigated and conducted computer forensics for a variety of crimes and ushered counter-espionage techniques into the digital age. Chad has also led international forensic teams and was selected to provide computer forensic support to the United Nations Weapons Inspection Team. He is a technical director at CrowdStrike, where he specializes in incident response, corporate espionage, and computer forensics. Here at SANS, Chad is a senior instructor and co-author for two six-day courses: FOR500: Windows Forensic Analysis, which focuses on the core skills required to become a certified forensic practitioner, and FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, which teaches sophisticated computer intrusion analysis and advanced threat hunting techniques.